Lucene search
HistoryAug 22, 2022 - 3:15 p.m.
CVE-2022-2388
wp coder
wordpress
csrf
vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
26.3%
The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack
Affected configurations
Node
wow-companywp_coderRange<2.5.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wow-company | wp_coder | * | cpe:2.3:a:wow-company:wp_coder:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
CVE-2022-2388 WP Coder < 2.5.3 - Code Deletion via CSRF
2022-08-22 15:02:35
patchstack
patchstack
wpexploit
wpexploit
WP Coder < 2.5.3 - Code Deletion via CSRF
2022-07-26 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-08-22 15:15:00
wpvulndb
wpvulndb
WP Coder < 2.5.3 - Code Deletion via CSRF
2022-07-26 00:00:00
cve
cve
CVE-2022-2388
2022-08-22 15:15:14
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
26.3%
Related for NVD:CVE-2022-2388